Returns permissions that a caller has on the Identity-Aware Proxy protected resource. If the resource does not exist or the caller does not have Identity-Aware Proxy permissions a google.rpc.Code.PERMISSION_DENIED will be returned. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
HTTP request
POST https://iap.googleapis.com/v1beta1/{resource=**}:testIamPermissions
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.
Request body
The request body contains data with the following structure:
JSON representation
{"permissions": [string]}
Fields
permissions[]
string
The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-17 UTC."],[[["\u003cp\u003eThis endpoint tests the permissions a caller has on an Identity-Aware Proxy (IAP) protected resource, returning a \u003ccode\u003egoogle.rpc.Code.PERMISSION_DENIED\u003c/code\u003e error if the resource doesn't exist or the caller lacks IAP permissions.\u003c/p\u003e\n"],["\u003cp\u003eThe HTTP request uses the \u003ccode\u003ePOST\u003c/code\u003e method with a specific URL format that includes a required \u003ccode\u003eresource\u003c/code\u003e path parameter following \u003ca href=\"https://google.aip.dev/127\"\u003egRPC Transcoding\u003c/a\u003e syntax.\u003c/p\u003e\n"],["\u003cp\u003eThe request body must include a JSON object containing an array of specific permissions to check for the provided \u003ccode\u003eresource\u003c/code\u003e, and wildcard permissions are not allowed.\u003c/p\u003e\n"],["\u003cp\u003eA successful request will return a response body that is an instance of \u003ca href=\"/iap/docs/reference/rest/Shared.Types/TestIamPermissionsResponse\"\u003eTestIamPermissionsResponse\u003c/a\u003e.\u003c/p\u003e\n"],["\u003cp\u003eAuthorization for this endpoint requires the \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope, as detailed in the \u003ca href=\"https://cloud.google.com/docs/authentication/\"\u003eAuthentication Overview\u003c/a\u003e.\u003c/p\u003e\n"]]],[],null,[]]
